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Cyberspace and the “First Battle” in 
2 l st -century War 

by Robert A. Miller and Daniel T. Kuehl 



Overview 

Wars often start well before main forces engage. In the 19 th 
and early 20 th centuries, combat often began when light cavalry 
units crossed the border. For most of the 20 th century, the “first 
battle” typically involved dawn surprise attacks, usually deliv- 
ered by air forces. 1 While a few of these attacks were so shatter- 
ing that they essentially decided the outcome of the struggle or 
at least dramatically shaped its course — the Israeli air force’s 
attack at the opening of the June 1967 Six-Day War comes 
to mind — in most cases the defender had sufficient strategic 
space — geographic and/or temporal — to recover and eventually 
redress the strategic balance to emerge victorious. The opening 
moments of World War II for Russia and the United States pro- 
vide two examples. 

The first battle in the 21 st century, however, may well be 
in cyberspace. 2 Coordinated cyber attacks designed to shape 
the larger battlespace and influence a wide range of forces and 
levers of power may become the key feature of the next war. Early 
forms of this may have already been seen in Estonia and Georgia. 
Control of cyberspace may thus be as decisive in the network- 
dependent early 21 st century as control of the air was for most of 
the 20 th century. 

In the future, cyber attacks may be combined with other 
means to inflict paralyzing damage to a nation’s critical 
infrastructure as well as psychological operations designed to 
create fear, uncertainty, and doubt, a concept we refer to as 
infrastructure and information operations. The cyber sphere 
itself is, of course, a critical warfighting domain that hosts 
countless information infrastructures, but the rise of network- 
based control systems in areas as diverse as the power grid 
and logistics has widened the threat posed by network attacks 
on opposing infrastructures. 



Given the increasing dependence of the U.S. military and 
society on critical infrastructures, this cyber-based first battle 
is one that we cannot afford to lose. And yet we might. 

First Battles in American History 

Historically, time and space to recover have often proven essen- 
tial in overcoming losses in an opening battle. The United States fre- 
quently has fared poorly in the opening battles of past conventional 
wars — the other side, usually authoritarian or totalitarian, spends 
more time preparing the initial blow. As Charles Heller and Bill Stofft 
point out in their classic study of America’s first battles, there’s a pat- 
tern here. 3 In many cases, especially those in which the United States 
was engaged with a technologically advanced peer competitor, our 
first engagements have been disastrous. Only because America had 
sufficient (sometimes barely sufficient) strategic space — geographic 
and/or temporal depth — were we able to recover from our first defeats. 

World War II provides examples across all three of that war’s 
operational domains and with several combatants in different the- 
aters. At sea, our initial efforts at submarine and carrier warfare, 
which became indispensable components of our victory in the Pacific, 
were hesitant and marked by faulty equipment, ineffective doctrine, 
and a steep learning curve for personnel. 4 In the air, we discovered 
that one of the keystones of our prewar airpower doctrine — the effi- 
cacy of unescorted precision strategic bombing — was sadly in error, 
and the lack of fighter escorts for our bombers in 1943 cost us hun- 
dreds of bombers and thousands of crewmen. It was not until 1944 that 
German exhaustion and the arrival of the P-51 gave us air superiority 
in Europe, without which the victories of 1944-1945 would have been 
simply impossible. On land, our initial encounters with the Wehrmacht 
went poorly, as shown by the disaster at Kasserine Pass and the dif- 
ficulties encountered throughout the North African and Italian cam- 
paigns. Not until the advance across France in the summer of 1944 
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did our skill at conducting combined arms maneuver warfare begin to 
match that of our German adversary. In all three examples, the time 
gap between the opening failures and the eventual victories was mea- 
sured in months to years. 

Even today, as we have most recently seen in Iraq, it has taken 
time and many casualties to change course and implement a strategy 
based on what seems to be more effective counterinsurgency principles. 

We have been lucky to have had the time, space, and resources 
to correct these early problems. The question we face now is whether 
our luck will continue to hold in different operational conditions of 
the cyber age. Will that all-important time gap between early defeats 
and final victory be there for us now and in the future if we are faced 
with an enemy who is adept in and has planned for warfighting in the 
emerging fifth dimension of cyberspace, and who has avoided self- 
imposed and organizationally and programmatically based constraints 
on its operational concept for cyberspace operations? 6 The Chinese, for 
example, have been writing since the 1990s about the evolving “net- 
worked and informationized” battlefield, and one gains a clear sense 
that their approach to cyberwarfare is different than U.S. concepts. 

Evolving Threats 

Twentieth-century warfare was dominated by mass struggles of 
so-called conventional forces, created and sustained by the productive 
power of the industrial state and shadowed by the specter of weapons 
of mass destruction. The mushroom cloud and carpet bombing were 
its symbols, set-piece battles between symmetrically conceived forces 
its hallmark. 

These 20 th -century images have not yet left us, but they have 
been joined by new apparitions. The most visible, of course, is the kind 
of struggle that U.S. forces now find themselves fighting in Iraq and 
Afghanistan. Half war and half pacification campaign, these fierce 
struggles would once have been called “low intensity conflicts” or 
(more distantly) “irregular campaigns.” No longer. 6 

But while our attention has been fixed on the conflicts in the 
Middle East, a different kind of national security threat has also 
emerged in recent years. 

Military forces since time immemorial have tried to confuse 
their enemies and disrupt their plans, cut their communications, 
and throw them off balance. 7 However, the advent of the cyber age 
has changed things in some significant ways. Two factors increase 
the stakes of the cyber struggle. Tactically and operationally, the 
increasing dependence of modern technologically advanced forces 
(especially U.S. forces) on networks and information systems create 
new kinds of exploitable vulnerabilities. Second, as modern societ- 
ies — including the militaries that mirror them — have continued 
to evolve, they have become ever more dependent on a series of 
interconnected, increasingly vulnerable “critical infrastructures” 
for their effective functioning. These infrastructures not only have 
significantly increased the day-to-day efficiency of almost every 
part of our society, but they have also introduced new kinds of vul- 
nerabilities. The increasing exposure of nations such as the United 
States to well-coordinated attacks on critical infrastructures cre- 
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ates a situation that we have labeled “strategic fragility.” 8 The evolu- 
tion of Russian strategic thinking throughout the 1980s and 1990s 
incorporated the potential to degrade national economic systems 
and communications networks as a means of breaking the enemy’s 
will to resist and inflicting military and political defeat, at low cost 
and without the need to occupy territory. 9 

These interconnected and interdependent infrastructures repre- 
sent new kinds of strategic targets. Take them down, and societies are 
effectively paralyzed. And yet successful action against them does not 
depend, as it once would have, on massive destruction of the physical 
infrastructure. In many cases, effective paralysis can be achieved by 
other cheaper and subtler means. In short, it is now possible to create 
chaos without carnage, disruption without destruction. 10 

“Weapons of Mass Disruption” 

The chances of creating nondestructive chaos have been immea- 
surably increased by a second, related development — the increased 
dependence of the other infrastructures on the information infrastruc- 
ture as a control mechanism. Most of the critical infrastructures that 
daily life relies on — electricity, communications, money, and trans- 
portation, to cite just four — now use cyberspace and the Internet to 
exchange information and directions. If this traffic, or the underlying 
data that are transmitted, is interrupted or tampered with, confusion 
and disorder will quickly break out. 11 

Attacks on the cyber infrastructure are one variant of what the 
military refers to as “information operations,” and these attacks have 
been going on in one form or another for some years now. 12 So far, 
however, they have been in the nature of probes rather than strategic 
attacks designed to disable major infrastructures or affect the over- 
all balance of military forces. 13 In the one case in which actual con- 
flict included cyber activity — Russia’s operations against Georgia in 
2008 — the Georgian infrastructure was simply not sufficiently sophis- 
ticated to be vulnerable to a cyber attack. 14 

We think that this is about to change. 

The Opening Shot 

It seems increasingly probable that the first battles in any future 
conflict involving technologically advanced adversaries will be elec- 
tronic and waged in/via cyberspace. 16 Strategic cyber attacks will 
likely have multiple objectives: 

a to disrupt enemy communications and supply lines 

a to distract and confuse enemy command and control 

■ to impair the movement of military forces 

■ to create opportunities for strategic attacks on enemy infra- 
structures 

a to deny similar capabilities to the enemy 

a to weaken and distract social cohesion and political will, per- 
haps even before the conventional start of a conflict 

■ to shape global perceptions of the conflict. 

First battle cyber attacks are likely to use a combination of 
approaches. These could include attempts to deny services critical 
to military capability from logistics support to actual warfighting 
systems, and might include rapid, coordinated attacks to deny net- 
work connectivity. Attacks that deny data are the most obvious use of 
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the new capabilities. Additionally, because of our heavy and growing 
dependence on what can be termed dual-use infrastructures — those 
owned and operated by the private sector that both society itself and 
military forces depend on for daily functioning of critical capabili- 
ties — the target of those attacks may not be prepared or resourced 
to withstand the kind of pressure that could be brought to bear by a 
coordinated and nation-state-sponsored series of attacks. A potential 
target list might include: 16 

■ telecommunications 

■ space-based sensors and relays 

■ automated aids to financial and banking networks 

■ power production and distribution 

■ media to shape public perceptions. 

In addition, we may also see attempts to manipulate the con- 
tent of stored information through such means as injecting spurious 
information (attacks on data integrity). Modern military forces, and 
modern societies in general, rely on large databases of information 
that are essential for daily life and effective operations. If these data- 
bases become unreliable, the likely result is bedlam. So we should also 
expect to see attempts to reduce the adversary’s confidence in the 
reliability of his networks and systems (attacks on confidentiality). 
As one senior Air Force leader observed at a symposium hosted at Air 
University in July 2008, the threat of data denial was much less worri- 
some than that of data manipulation. 17 Evidence of this threat extends 
as far back as Operation Desert Shield, the logistics and force deploy- 
ment buildup to Operation Desert Storm, during which the intrusions 
into nearly three dozen American computer networks and databases by 
the so-called Dutch Hackers forced the delay of elements of the deploy- 
ment because of the necessity to verify the contents of the databases 
that had been affected. 

While the cyber events in Estonia (2007) and Georgia (2008) 
may not have reached the level of cyberwar, the targeted functions in 
both countries bore striking similarity to those listed above. In Esto- 
nia, effects were felt across the financial and media sectors; in Geor- 
gia, the cyber effects were also accompanied by an actual shooting 
war, although the less developed state of Georgia’s use of cyberspace 
limited the cyber impact. 18 

Estonia 2007/Georgia 2008 

The past two summers have seen examples of what the future 
may hold, albeit on a less developed scale. In the spring of 2007, the 
world witnessed what may have been the first major cyber-based 
assault on a nation-state, one that was perhaps particularly vulner- 
able because of its heavy use of and dependence on cyberspace. Esto- 
nia, although a small and relatively lightly populated country (about 
1.3 million, roughly the same as urban Stockholm, Sweden), is one of 
the most highly connected countries in the world; citizens often refer 
to their country as “eStonia.” Both the public and private sectors are 
heavily dependent on cyberspace. 

The details that caused the cyber incident are less important 
than what happened. To protest a perceived insult and injustice to 
Russia, someone launched a persistent but technologically simple 
distributed denial of service attack against a range of Estonian 
targets, coupled with some Web site defacements. Some were 
against the public sector (for example, Estonia’s Parliament and 



Office of the President), while some were against key infrastruc- 
ture elements in the private sector (banks, telecommunications, 
and media). The peak of the attacks came between May 4-8, 2007, 
but they did not present any technologically new features, and the 
largest ones presented all the signs of a botnet, whose use had 
been purchased for a limited and specified period of time. Esto- 
nian internal coordination and mitigation actions were successful 
in minimizing the impact of these assaults, and the perpetrators 
have never been identified. While the common belief is that the 
Russians did it, no one has ever been able to perform any digital 
forensics linking the attacks to the Russian government. Perhaps 
ethnic Russians who were displaying their anger using the new 
medium of cyberspace were to blame, but the only person formally 
charged with any offense was an Estonian. 19 While the incident 
prompted widespread and sometimes breathless “Cyberwarfare is 
Under Way!!” headlines, it had no impact on the Estonian military 
forces or national security apparatus. It was, however, a bit of a 
wakeup call. 

That wakeup call was repeated even more loudly the following 
year, in August 2008, against the small country of Georgia, deep in the 
Caucasus region between Russia and Turkey/Iran to the south. But 
the differences between the Estonia situation and the one faced by 
Georgia were pronounced. Estonia is a heavily “wired” and connected 
society, whereas Georgia is at the opposite extreme. 20 The 2007 inci- 
dent was completely cyber, except for some minor civil disturbances, 
and completely civilian, with no impact on Estonian military systems 
or sites. In Georgia, on the other hand, the cyber incidents went hand 
in hand with a significant conventional military operation by Russian 
forces, with rocket attacks into Georgian territory and an incursion by 
armored forces. Cyber actions against Georgian political leaders began 
well before the crisis blew up into military operations, with attacks 
on/defacement of Georgian President Mikheil Saakashvili’s Web site 3 
weeks before the start of combat operations. Because of Georgia’s much 
lower use of (and thus lower dependence on) cyberspace for the control 
and use of key infrastructures, the cyber attacks conducted against 
Georgia concentrated primarily on blocking its ability to access the 
outside world and tell its side of the evolving story. Targets included 
President Saakashvili, the Foreign Ministry, and the Defense Ministry. 
Once again, claims that a second cyberwar was under way had to be 
measured against the unresolved question, “What is a cyberwar?” 21 

Both incidents raise a series of unanswered questions. What, 
for example, constitutes a sufficiently aggressive or damaging 
cyber event to involve the North Atlantic Treaty Organization? 
While most discussion has focused on Articles 4 (the need for 
consultation) and 5 (collective self defense against an “armed 
attack”), Article 6, which delineates what constitutes an “armed 
attack,” seemingly limits that to actions against territory, forces, 
vessels, or aircraft. What are the limits and requirements for neu- 
trality in cyberspace? Shortly after Russian tanks moved against 
Georgia and its governmental Web sites were defaced and taken 
over by unknown attackers, an ethnic Georgian expatriate in the 
United States who owned Tulip Systems in Atlanta began hosting 
the Georgian sites on Tulip servers. Since the legal status of the 
Russian-Georgian incident was unclear — was an “armed conflict” 
under way? — it cannot be firmly argued that Tulip violated any 
neutrality laws, but the question remains interesting. 22 

Given the potential stakes, it is worth speculating what a full- 
scale cyberwar would look like (see sidebar). 
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A Plausible Scenario ? 1 

The opening phases of the Cyber War 
of 20XX began in ways that surprised most 
of the world, especially Lusitania’s forces and 
its political/military leadership. Even before 
actual hostilities began, certain steps had been 
taken by the Ruritanians over the course of 
many months that culminated on X-Day with 
a rapidly unfolding series of cyber incidents. 
Even though Lusitania’s cyber experts had 
been warning for months — indeed, years — 
that many of their critical national systems 
and infrastructures had been penetrated by 
unknown operatives, Lusitania’s citizens were 
shocked to wake up on X-Day to find that 
for some reason, many of their basic infra- 
structures had either stopped functioning, had 
slowed to a crawl, or else were unreliable. 
Automatic bank tellers no longer worked, many 
media outlets went dark, and even the traffic 
lights often blinked out. The financial sector 
found that its trading floors were paralyzed. 

The electricity blackouts started the first 
afternoon. Though not everywhere, rolling 
blackouts afflicted large parts of the country, 
but at no time did the entire country “go dark.” 
Nobody knew why they started, or for that mat- 
ter why they stopped, although everyone was 
certainly glad they did. 

It actually took some time before the 
Lusitanians even realized that what was going 
on was not merely an unconnected series of 
glitches in the central nervous system. As the 
examination of the failures got under way 
Lusitania’s political and military leadership 
discovered other, even more disquieting prob- 
lems. Supposedly secure logistics databases 
turned out to be unreliable — someone had 
fiddled with the data. Supervisory Control 
and Data Acquisition systems controlling the 
power grid and certain oil refineries and pipe- 
lines went on the blink; the energy infrastruc- 
ture had suddenly become quite shaky. Fur- 
ther complicating the situation was the often 
discussed problem of attribution — -just exactly 
who was doing this? Some of the intrusions 
were traced back to computers in Africa and 
South America, but others came from inside 
Lusitania itself. Without the confident ability 
to point a finger at someone, how would the 
Lusitanian cyber-security forces respond? 2 

Later that day, the problems afflicting 
the infrastructures mysteriously cleared up. 
Television and radio came back on and soon 
were filled with horror stories about the “col- 
lapse of the nation’s infrastructures.” Enter- 
prising reporters soon found, and endlessly 
rebroadcast, film of chaos in the streets, most 



of it captured by “citizen journalists” using 
their cell phones and digital imaging devices. 
Bloggers and users of the new social net- 
working systems soon amplified these stories 
(some were later found to have been false, 
planted by “parties unknown”), coupled with 
rumors about how the authorities were cover- 
ing up even worse stories. Amid rising signs 
of confusion and incipient panic, law enforce- 
ment found that many of its communications 
assets were compromised as well. 

Meanwhile, Lusitanian military forces, 
heavily dependent on network-centric capa- 
bilities, found that their communications were 
unreliable, and even worse, many of the data- 
bases needed for mobilization and force gen- 
eration were untrustworthy. These problems 
worsened over the next 5 days, but it was 
on day six, “Y-day,” that Ruritanian forces 
made their first overt moves against their 
small neighbor, Zenda, with whom tensions 
had reached a boiling point after years of 
nearly continuous confrontation. The same 
problems that Lusitania had been experienc- 
ing now exhibited themselves in Zenda’s sys- 
tems and networks, but far more extensively 
and destructively. Anything that supported 
Zenda’s military forces and ability to defend 
itself, resist attack, and communicate with 
the outside world came under attack. What 
seemed to be a warning to Lusitania only a 
week earlier became a full-fledged assault 
against Zenda, whose populace, long fearing 
their much larger neighbor, began to panic. 

The panic became full fledged on Y+l, 
when Ruritanian forces began to aggres- 
sively exploit the advantages provided by their 
cyber offensive by extending it into a powerful 
attack. Zenda’s air defenses were negated due 
to a deeply flawed and completely inaccurate 
air picture, caused by a devastating intrusion 
into its computerized radar controls. Intru- 
sions also severely degraded Zenda’s view of 
its maritime approaches, which were totally 
unreliable. Zenda’s efforts to prevent Ruri- 
tanian amphibious and airborne forces from 
occupying key sites were completely inef- 
fective, and the Ruritanian cyber blockade, 
imposed by its virtual seizure of Internet 
access controls, led to a global news blackout 
at the most critical moment. The only scenes 
widely accessible to the world came via Rurita- 
nia, which provided a broad multimedia infor- 
mation offensive that consisted of crowds of 
supposed Zendans welcoming the Ruritanian 
forces while those same forces ensured that 
food, water, and medical care were readily 
available to the Zendan population. 



Zenda used special communications links 
to appeal for help from Lusitania, but that effort 
ran into two formidable obstacles. One was an 
intense and broad-spectrum strategic commu- 
nications and influence campaign that aimed 
at several objectives, especially to convince the 
world that Ruritania’s offensive was legally and 
ethically justified and to convince the Lusitanian 
population that any misguided desire to aid Zenda 
was not worth the risks and potential severe costs 
of a wider conflict. Interestingly, most of the 
more direct efforts against Ruritania came from 
Zendan expatriates who quickly mounted a noisy, 
albeit uncoordinated and strategically ineffec- 
tive, series of “patriotic hacking” efforts aimed 
at Ruritania, which had its own increasingly vul- 
nerable cyber dependent infrastructures. For a 
while, these counter-network attacks only served 
to muddy the situational awareness of all parties 
until it became clear that the attackers had no 
government affiliations. 

The other and far more important obsta- 
cle was a focused series of cyber attacks that 
sought to significantly degrade the Lusita- 
nian military capability to generate and move 
forces, albeit for a limited time. The series of 
computer attacks experienced the previous 
week intensified and concentrated on those 
databases, networks, and systems necessary 
to support military efforts to aid Zenda. It was 
obvious that the groundwork and intelligence 
preparation for these attacks had been laid 
over the course of several years. Their target- 
ing principles were cleverly designed to elimi- 
nate human casualties as much as possible, 
especially in the civil sector, and thus avoid 
provoking the Lusitanian population while 
simultaneously limiting Lusitania’s military 
capability to intervene on behalf of Zenda until 
it was too late. Plans to mobilize reserve forces 
and initiate deployment operations had to be 
halted in the face of unreliable databases, bro- 
ken communications links, and widespread 
infrastructure failures. 3 

And this was exactly how the scenario 
played itself out. Future historians would have 
ample ground to plow in exploring how the 
Ruritanians were able to exploit cyberspace 
as the decisive domain in this conflict. The 
Ruritanian campaign in Zenda was militar- 
ily complete within 4 days, and by Y+4, the 
Zendan government had not only capitulated 
but also agreed to the incorporation of Zenda 
as Ruritania’s 33 d province; they were even 
allowed to remain in office to lead the process 
of incorporation. Casualties in Zenda had been 
remarkably light, in part due to Ruritania’s 
disruption of Zendan military communications 
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and control capabilities, and Ruritania’s stra- 
tegic communications forces had been quick 
to show the rest of the world how little physical 
damage had been done and the popular accep- 
tance of the new situation. 

In Lusitania, the Ruritanians had clev- 
erly combined their demonstrated yet under- 
stated threat to a wide range of national infra- 
structures with an attack that on the surface 
looked more like malfunctions than a long- 
planned and prepared military operation, at 
least not until it was long over. Furthermore, 
the suppression of rapid Lusitanian military 
action until after the Zendan campaign was 
over and the fact that intense diplomatic 
maneuvers and negotiations were under way 
meant that the Lusitanian government had to 
react to a fait accompli and a total change in 
the geopolitical situation from what had been 
the basis for all previous planning. Given the 
facts on the ground, it seemed clear that a war 
with Ruritania would likely accomplish noth- 
ing, and diplomacy soon returned the situa- 
tion between Ruritania and Lusitania to what 
it was ante bellum. 

Only after the situation was resolved was 
it was apparent that the first battle of this war 
had been waged in cyberspace, and the Ruri- 
tanians had won a decisive victory. Although 
Lusitanian military and cyber strategists had 
been calling attention to the writings and 
analysis of both Chinese and Russian informa- 
tion warfare theorists for nearly two decades, 
and had the experience of the Estonian and 
Georgian crises to provide real-world empiri- 
cal evidence to validate the theories, the real- 
ity was worse than the predictions. Ruritanian 
joint and integrated kinetic and cyber opera- 
tions against Zenda put into practice, on a 
grand scale, lessons and insights that should 
have been gained from the Russia-Georgia 
conflict. Meanwhile, the Ruritanians’ precise 
and focused cyber operations against Lusita- 
nia generated real and critical military advan- 
tages while simultaneously avoiding the kind 
of apocalyptic society-wide damage that many 
theorists predicted. 



Information and Infrastructure Operations 

In the 1990s, it became fashionable in American military circles to 
speak of a “revolution in military affairs,” arising from a combination of 
technological breakthroughs, changes in the geopolitical balance due to 
the end of the Cold War and the collapse of the Soviet Union, and the grow- 
ing conventional military superiority of the United States and its allies. As 
many theorists pointed out, all of these factors suggested that future con- 
flicts — at least those involving U.S. forces — were likely to become “asym- 
metric,” as others tried to figure out ways to counter U.S. predominance in 
conventional and nuclear military power. 23 

As we have seen in Iraq and Afghanistan — mirroring lessons learned 
from many previous insurgencies — lightly armed insurgents can have a 
considerable degree of success against conventional forces, especially if 
they use tools of the cyber age as force multipliers. 

For the reasons discussed above, it seems likely that we are seeing 
the beginnings of a new kind of military operation, which could be referred 
to as information and infrastructure operations (120). 120 warfare could: 

■ combine with other types of operations 

■ be largely fought in cyberspace. Special operations and limited 
kinetic efforts directed at key infrastructure targets, single points 
of failure, and chokepoints are also likely. 

■ have strategic as well as operational/tactical goals 

■ offer important asymmetric advantages against a society/military 
dependent on networked systems and capabilities 

■ offer important advantages to the first mover. Combined with 
the relative ease of initiating such 120, this provides powerful 
incentives to a hostile (or merely nervous) potential adversary 
to initiate actions. 

■ be limited through resilience strategies and, perhaps, be deterred 
by the development of retaliatory capabilities 

■ delay counter actions because of the inherent difficulty in obtain- 
ing high-confidence attribution of attacker identity 

■ drive other military forces to exploit cyber capabilities regardless 
of the United States doing so 

■ be decisive in achieving war aims. 

Command and Control Issues 

The U.S. Government, and particularly the military has been pay- 
ing increased attention to cyber threats in recent years. 24 As yet, however, 
much of this effort has seemed, at least from a distance, somehow disso- 
ciated from broader strategic and operational concerns — as if the cyber 
struggle will be confined to a series of “exploits” that will be pursued in 
their own realm with little contact with other events. In particular, the 
possibility of 120 as an element of a larger military and national security 
strategy has received little attention in the United States. 



Notes 

1 The protagonists in this futuristic scenario are not 
intended to represent any real countries or reflect current 
planning exercises, certainly not Russia, Georgia, and the 
United States. 

2 See Jason Fritz, “How China Will Use Cyber War- 
fare to Leapfrog in Military Competitiveness,” in Culture 
Mandala 8, no. 1 (October 2008), 56, on the problems of 
attribution. 

3 Ibid, 69. 



The Cyber Battle 

We predict that in any future conflict, strategic infrastructures will 
be a major, and perhaps decisive, battleground, and 120 will be the critical 
set of operations in that battleground. We also expect that cyberspace will 
be the major theater for the conduct of such operations, if only because it 
offers a fast, relatively inexpensive, and effective way to assail and degrade 
critical but vulnerable infrastructures. 26 

As a consequence, we also expect that the struggle for cyberspace 
dominance will be a difficult one, fought at the beginning of hostilities 
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and probably begun long before. Since modern military operations 
have already become cyber dependent, and are rapidly increasing this 
dependence for operations and logistics, this cyber struggle for mas- 
tery will have significant consequences for a nation’s ability to deploy, 
support, and fight, especially in a conflict of short duration aimed at 
focused and limited objectives. Winning that future war — defined 
in Clausewitzian terms as the attainment of strategic political objec- 
tives — thus may depend on successfully waging and winning the “first 
battle in cyberspace.” 



Notes 

1 Examples of the latter include the German attack on Poland in 1939, Japanese 
attack on Pearl Harbor, Israeli attack on Egypt at the start of the 1967 war, and coali- 
tion attack on Iraq in 1991, although the latter was a surprise only in a tactical sense. 

2 This is obviously a hypothetical construct because the 21 !l -century’s first battles 
have already been waged in Afghanistan and elsewhere. 

3 Charles E . Heller and William A. Stofft, eds., America's First Battles, 1 776-1965 
(Lawrence: University Press of Kansas, 1986) . 

4 This was also true for early operations in the Battle of the Atlantic, during which 
U.S. shipping was so badly ravaged by German U-boats that their crews called this period 
(early 1942) the “happy times.” However, a significant cause of this was the stubborn 
refusal of senior U.S. Navy leadership, especially Admiral Ernest King, to adopt the 
convoy system, rather than an across-the-board problem. 

6 The definition of cyberspace is still evolving. The Department of Defense uses 
the definition that originated with the Deputy Secretary of Defense in mid-2008 and 
has been codified into doctrine. Cyberpower and National Security (NDU Press and 
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